Exploited
CWE
20
Advisory Published
Updated

CVE-2020-3161: Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability

First published: Wed Apr 15 2020(Updated: )

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Ip Phone 8865 Firmware=10.3\(1\)es14
Cisco Ip Phone 8865 Firmware=11.0\(1\)
Cisco Ip Phone 8865 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8865
Cisco Ip Phone 8851 Firmware=10.3\(1\)es14
Cisco Ip Phone 8851 Firmware=11.0\(1\)
Cisco Ip Phone 8851 Firmware=11.0\(5\)sr1
Cisco IP Phone 8851
Cisco Ip Phone 7841 Firmware=11.0\(1\)
Cisco Ip Phone 7841
Cisco Ip Phone 7821 Firmware=11.0\(1\)
Cisco Ip Phone 7821
Cisco Ip Phone 8811 Firmware=10.3\(1\)es14
Cisco Ip Phone 8811 Firmware=11.0\(1\)
Cisco Ip Phone 8811 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8811
Cisco Ip Phone 8861 Firmware=10.3\(1\)es14
Cisco Ip Phone 8861 Firmware=11.0\(1\)
Cisco Ip Phone 8861 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8861
Cisco Ip Phone 8845 Firmware=10.3\(1\)es14
Cisco Ip Phone 8845 Firmware=11.0\(1\)
Cisco Ip Phone 8845 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8845
Cisco Ip Phone 7861 Firmware=11.0\(1\)
Cisco IP Phone 7861
Cisco Ip Phone 8841 Firmware=10.3\(1\)es14
Cisco Ip Phone 8841 Firmware=11.0\(1\)
Cisco Ip Phone 8841 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8841
Cisco Ip Phone 7811 Firmware=11.0\(1\)
Cisco Ip Phone 7811
Cisco Ip Phone 8821 Firmware=10.3\(1\)es14
Cisco Ip Phone 8821 Firmware=11.0\(1\)
Cisco Ip Phone 8821 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8821
Cisco Ip Phone 8821-ex Firmware=10.3\(1\)es14
Cisco Ip Phone 8821-ex Firmware=11.0\(1\)
Cisco Ip Phone 8821-ex Firmware=11.0\(5\)sr1
Cisco Ip Phone 8821-ex
Cisco 8831 Firmware=10.3\(1\)es14
Cisco 8831 Firmware=11.0\(1\)
Cisco 8831 Firmware=11.0\(5\)sr1
Cisco 8831
Cisco Cisco IP Phones
All of
Any of
Cisco Ip Phone 8865 Firmware=10.3\(1\)es14
Cisco Ip Phone 8865 Firmware=11.0\(1\)
Cisco Ip Phone 8865 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8865
All of
Any of
Cisco Ip Phone 8851 Firmware=10.3\(1\)es14
Cisco Ip Phone 8851 Firmware=11.0\(1\)
Cisco Ip Phone 8851 Firmware=11.0\(5\)sr1
Cisco IP Phone 8851
All of
Cisco Ip Phone 7841 Firmware=11.0\(1\)
Cisco Ip Phone 7841
All of
Cisco Ip Phone 7821 Firmware=11.0\(1\)
Cisco Ip Phone 7821
All of
Any of
Cisco Ip Phone 8811 Firmware=10.3\(1\)es14
Cisco Ip Phone 8811 Firmware=11.0\(1\)
Cisco Ip Phone 8811 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8811
All of
Any of
Cisco Ip Phone 8861 Firmware=10.3\(1\)es14
Cisco Ip Phone 8861 Firmware=11.0\(1\)
Cisco Ip Phone 8861 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8861
All of
Any of
Cisco Ip Phone 8845 Firmware=10.3\(1\)es14
Cisco Ip Phone 8845 Firmware=11.0\(1\)
Cisco Ip Phone 8845 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8845
All of
Cisco Ip Phone 7861 Firmware=11.0\(1\)
Cisco IP Phone 7861
All of
Any of
Cisco Ip Phone 8841 Firmware=10.3\(1\)es14
Cisco Ip Phone 8841 Firmware=11.0\(1\)
Cisco Ip Phone 8841 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8841
All of
Cisco Ip Phone 7811 Firmware=11.0\(1\)
Cisco Ip Phone 7811
All of
Any of
Cisco Ip Phone 8821 Firmware=10.3\(1\)es14
Cisco Ip Phone 8821 Firmware=11.0\(1\)
Cisco Ip Phone 8821 Firmware=11.0\(5\)sr1
Cisco Ip Phone 8821
All of
Any of
Cisco Ip Phone 8821-ex Firmware=10.3\(1\)es14
Cisco Ip Phone 8821-ex Firmware=11.0\(1\)
Cisco Ip Phone 8821-ex Firmware=11.0\(5\)sr1
Cisco Ip Phone 8821-ex
All of
Any of
Cisco 8831 Firmware=10.3\(1\)es14
Cisco 8831 Firmware=11.0\(1\)
Cisco 8831 Firmware=11.0\(5\)sr1
Cisco 8831

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this Cisco IP Phones vulnerability?

    The vulnerability ID for this Cisco IP Phones vulnerability is CVE-2020-3161.

  • What is the severity level of CVE-2020-3161?

    CVE-2020-3161 has a severity level of 9.8 (Critical).

  • Who is affected by the Cisco IP Phones vulnerability?

    The Cisco IP Phones vulnerability affects Cisco IP Phones with specific firmware versions.

  • What is the impact of CVE-2020-3161?

    CVE-2020-3161 can allow an unauthenticated remote attacker to execute code with root privileges or cause a denial-of-service (DoS) condition on an affected Cisco IP Phone.

  • How can I fix the Cisco IP Phones vulnerability?

    To fix the Cisco IP Phones vulnerability, users should update the firmware of their Cisco IP Phones to a non-vulnerable version.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203